Tips & strategies

Learn the top quick steps, then deepen your knowledge and learn more strategies with key IU resources from Protect IU and the IU Knowledge Base.

Plus, find high-quality training resources available at IU.

Think before you click—Quick steps

1. Recognize

Verify the sender is who you think it is.

How: Double-click or tap the sender’s name at the top of the email to view the real email address. (In Gmail, hover without clicking.) 

Get more help to recognize >>

2. Rethink

If you can't verify the sender, do not click at all.

How: If the email refers to a known website, type that website address into a new browser window instead and check for information there. 

Get more help to rethink >>

3. Report

Suspect it's a phish? Send the alert.

How: Contact your campus UITS Support Center for help on how to report it. 

Get more help to report >>

Reveal actual URLs before clicking

Before clicking, make sure you trust the destination of the URL. Some links can trick viewers by having a safe URL as the viewable text, but the actual destination URL is a scam site. Remember the phrase "hover to discover." Here's how:

  • On a desktop computer, to hover on a link, position your mouse cursor over the linked text without clicking on it. This will reveal a small text box that contains the full destination URL. 
  • On mobile devices, the technique to show the URL without opening the destination webpage can vary. Often, it involves a light-pressure long press.

Practice with this link. Hovering should reveal the URL "" in small text at the bottom left of this web browser window.

When you hover in your email, often the full URL will appear in small text right next to the link.

Before you click, always be sure you trust the full URL.

Watch how to outsmart Wolfrid—a wolf in sheep's clothing—by investigating email links. And make sure to work through the tips in this "Rethink" section.

Description of the video:

[ Music ]

>> Hold on. I would rethink this one. If you have not verified the sender, do not click on links in emails at all. If the email refers to a known website, type that website address into a new browser window instead to verify its authenticity. Even for trusted contacts and emails, it's a good idea to hover over the link first without clicking on it. This should reveal a small popup with the actual destination URL. Only click if you trust that revealed URL completely. This email is definitely a phish. So, think before you click. There are even more ways to recognize a wolf in sheep's clothing, but not clicking any links from unknown senders is a good step. Find more tips to recognize, rethink, and report on

[ Music ]

Avoid clicking links in emails

The best solution is to go directly to a known website address rather than clicking links in an email. Instead of clicking links in notification emails, go to the trusted website address and check for notices there. 

Learn more about making sure a website is genuine.


Think critically about the message

Think critically about the way the email is worded and what the request is. Anything urgently requesting action regarding financial transactions or providing sensitive information should be a red flag to investigate carefully.

Get more tips from the Protect IU site on how to analyze messages.

View emails in plain text

Viewing emails in plain text can reveal details that scammers try to hide, including full URLs for all links.

Learn how to view Outlook emails in plain text.

Report the message in Outlook

You can use the built-in reporting features in Outlook to report suspicious email to the IT Security Office.

Report a phishing message in Outlook

Never open attachments from unverified senders

If you can't verify the sender, don't click the attachment. Attachments are a key way that malware and harmful files are sent in phishing attacks.

Watch how catch Wolfrid—a wolf in sheep's clothing—by reporting suspected phishing email scams. And make sure to work through the tips in this "Report" section.

Description of the video:

[ Music ]

>> Good call. This email looks suspicious. If a suspected phishing email targets IU in any way, you can contact the UITS support center for help on how to report it. They will help you get the alert to IU's university information policy office, which can then evaluate the thread and minimize risk for the rest of the IU community. Outlook and student Gmail users at IU can also get a one-click reporting tool that takes care of reporting the phish to the policy office for you. To download this tool, search for PhishMe Reporter on And to learn more ways to report, visit While there are several ways to report a suspected phish, contacting UITS support center is a great way to get started. And if you do accidentally click on a suspected phish, contact the support center right away. So, feel free to squeal. Reporting a suspected phishing scam helps protect the entire IU community. Fine more tips to recognize, rethink and report on

[ Music ]

Contact your IT Pro or the UITS Support Center

If you don't have other means to report quickly, contact your IT Pro or the UITS Support Center.

UITS Support Center contact information


Forward the message to with full headers

Using any major email provider, you can forward the message to with full headers to report a suspected phishing email.

Learn how to forward with full headers
(Instructions for each email client are provided.)

Key recommendations from the IU Knowledge Base

The IU knowledge provides recommendations to avoid scams.

IU Knowledge Base recommendations

Training options to boost your defenses

Take free online courses

Take no-cost online training via IU Expand any time.

Explore online classes

Hold "Think before you click" workshops

Request a "Think before you click" instructor-led workshop with IT Training.

Schedule a workshop